[ https://issues.apache.org/jira/browse/SOLR-16523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17630501#comment-17630501 ]
Jan Høydahl commented on SOLR-16523: ------------------------------------ Gosu is not used by solr, but it is a tool (replacement for sudo) that users of the Docker image may need if they for some reason need to run the image as root to run some init-scripts, but then want to switch back to the 'solr' user at the end of the script so that Solr wont' run as root. However, if there is a critical exploitable vulnerability due to old gosu in ubuntu-focal, then we shold remove or upgrade it. > gosu binary version > ------------------- > > Key: SOLR-16523 > URL: https://issues.apache.org/jira/browse/SOLR-16523 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: Docker > Affects Versions: 8.11.2 > Reporter: Ritchie Gu > Priority: Major > > I noticed that as part of the process, it's installing gosu and few other > packages > [https://github.com/apache/solr-docker/blob/main/8.11-slim/Dockerfile#L20,] > The version of gosu gets installed is a bit of old, and do you have any plan > to install newer version gosu in? -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org